-
November 27th, 2019, 04:21 AM
#1
Forgot password send mail to the registered user java
I am trying to create a link on clicking forgot password. Once the user entered their mail id and clicks the button, the user should check their mail for the reset password link in which the link is accessible of the specified time, Later the link will expire. Please help me with this. Twice I checked for reset password link and both the links are different. I am trying to achieve something like this.
Someone, probably you, made a password recovery request from Big Moose Saloon account. Please use the following URL to complete the password recovery. You will be sent to a page asking your email address and the new password. https://coderanch.com/forums/user/re...b4ced1ba172cf5
Someone, probably you, made a password recovery request from Big Moose Saloon account. Please use the following URL to complete the password recovery. You will be sent to a page asking your email address and the new password. https://coderanch.com/forums/user/re...93e2ab6216ce48
How will i do this? Please help me.
-
November 27th, 2019, 10:48 PM
#2
Re: Forgot password send mail to the registered user java
Typically, you'll generate a link with a key. You can use a GUID for the key, and before you send the email, you'll want to store the key along with the key expiration date. You can store this in the user table or in another table with a foreign key to the user table.
When the user click to reset the password, you check if there is an existing link and whether it has expired before sending email. If the key has not expired you can resend the email using the same key. Or, if expired you can generate a new key, store it and send a new email.
When the user clicks on the link in the email, prompt to enter a new password, store it and then remove the key amd expiration date.
-
November 28th, 2019, 12:03 AM
#3
Re: Forgot password send mail to the registered user java
Can you please suggest me an example and this is my user table valuesid | Email | userName | password | reg_date . What else should i add in user table?
-
November 28th, 2019, 04:03 AM
#4
Re: Forgot password send mail to the registered user java
I have added the code as per you tole me to.
Code:
UUID tokenId=java.util.UUID.randomUUID();
String path="http://localhost/PasswordResetServlet?tokenId='"+tokenId+"'";
String link = "<a href = ""+path+""></a>";
message.setText(msg+link);
I had created the table with following fields.
Code:
CREATE TABLE userpwd ( confirmation_token varchar(200),Email VARCHAR(254),
reg_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP);
Now i have insert the generated tokedid along with the mailid right?
Last edited by VictorN; November 28th, 2019 at 07:18 AM.
Reason: Added CODE tags
-
November 28th, 2019, 07:20 AM
#5
Re: Forgot password send mail to the registered user java
Please, use CODE tags (not QUOTE) while posting code or scrip
Victor Nijegorodov
-
November 28th, 2019, 11:42 AM
#6
Re: Forgot password send mail to the registered user java
Use this table:
Code:
CREATE TABLE PasswordReset
(
Id INT IDENTITY(1,1) NOT NULL,
UserId INT NOT NULL,
CreatedDate DATETIME NOT NULL,
UpdatedDate DATETIME NOT NULL,
ResetToken UNIQUEIDENTIFIER NOT NULL
ExpirationDate DATETIME NOT NULL,
ResetStatus Id NOT NULL
)
Comments:
1) The UserId is a foreign key to the user table with 1..many relationship.
2)ResetToken is the UUID you generate.
3) Use the native UUID db type (UNIQUEIDENTIFIER) instead of VARCHAR.
4) Create a unique constraint of the composite key of UserId and ResetToken.
5) ResetStatusId is an FK to ResetStatus table (which you'll need to create) with the values of:
Created 1
Sent 2
Pending 3
Received 4
Completed 5
Note: the above is roughly SQL SERVER create table syntax.
Lastly, it is very valuable to learn SQL best practices when learning how to program. Proper sql design helps to prevent garbage data from getting into the database. Then, as a programmer, you don't have to deal with it. For example, that is why I used the SQL data type of UNIQUEIDENTIFIER (UUID) for ResetToken instead of VARCHAR because the database with only accept a valid UUID. If you used a VARCHAR here the db would accept any string and you would have to constantly check and convert it into a UUID in your program. A good rule of thumb for db design is to use native types whenever possible.
Last edited by Arjay; November 28th, 2019 at 11:46 AM.
-
December 2nd, 2019, 03:27 AM
#7
Re: Forgot password send mail to the registered user java
Code:
Connection con = null;
PreparedStatement preparedStatementFetch = null;
PreparedStatement preparedStatementInsert = null;
Session session = Session.getInstance(props,new javax.mail.Authenticator()
{
protected PasswordAuthentication getPasswordAuthentication()
{
return new PasswordAuthentication(user,pass);
}
});
try {
System.out.println("hai");
con = DBConnection.createConnection(); //establishing connection
String query = "SELECT * FROM Users where email=?"; //Insert user details into the table 'USERS'
preparedStatementFetch = con.prepareStatement(query); //Making use of prepared statements here to insert bunch of data
System.out.println("hai"+preparedStatementFetch);
// preparedStatementFetch.setString(1,email);
ResultSet rs=preparedStatementFetch.executeQuery();
System.out.println("hai" + rs);
if(!rs.next()){// no mathcing record found corresponding to given email
preparedStatementInsert=con.prepareStatement("insert into userpwd (confirmation_token,Email) values (?,?)");
System.out.println("hai");
}
MimeMessage message = new MimeMessage(session);
message.setFrom(new InternetAddress(user,"no-reply@abc.com"));
message.addRecipient(Message.RecipientType.TO,new InternetAddress(to));
message.setSubject(sub);
UUID tokenId=java.util.UUID.randomUUID();
String path="http://localhost/RegisterServlet?tokenId='"+tokenId+"'";
String link = "<a href = ""+path+""></a>";
message.setText(msg+link);
Transport.send(message);
}
The above code is how i am trying to insert the token_id and email in database. But i don't know how will retrieve the email address on button click from ForgotPasswordDao.java in Sendmail.java. So that the token and email will be inserted in the separate table.
Code:
System.out.println("hai"+preparedStatementFetch);
Prints haicom.mysql.jdbc.JDBC4PreparedStatement@5b933bbc: SELECT * FROM userpwd where email=** NOT SPECIFIED **
-
December 2nd, 2019, 08:43 AM
#8
Re: Forgot password send mail to the registered user java
The link that was sent to the user contains the ResetToken UUID. When the user clicks on the link, you will have the token in the request and you use it to extract the user's record (and corresponding email).
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|